• Status: Solved

Accelerating all outbound traffic from LAN

I'm looking for products that will accelerate LAN traffic to the internet. However, it's not really WAN optimization (in the typical scenario), since it's not going to a specific endpoint; I just want to speed up all traffic going outbound from our LAN. Basically using a hardware device of some kind to leverage the bandwidth we already have instead of buying more.

I've seen a lot of companies out there for WAN acceleration like Riverbed and Juniper, but their solutions are really expensive and I'm wondering if there are any other ideas out there that are a little more reasonable that are just for all outbound traffic from a LAN.

Any ideas?
Asked by: wlandymore

Jan Springer commented:
Not cheap either but will work to balance the load on outbound WAN circuits -> FatPipe

giltjr commented:
You are looking for a magic bullet and there are none. WAN acceleration devices work in pairs and work by a few different methods, all of which are really "data reduction" methods. Data compression, data differential transmission, or various methods of data compression.

Now, if you are talking about specific types of traffic, such as HTML, there are devices that will do dynamic HTML compression.  But they only work for HTML.  

FatPipe really does not do WAN acceleration; it will do outbound load balancing, assuming you have multiple Internet links via multiple ISPs and you are not already doing BGP.

jotase74 commented:
Where is the "choke point" in your network, just between yourself and your ISP?  Also, would it be possible for you to block certain miscellaneous sites that are more bandwidth intensive so as to give more to the sites that actually need it?
 
Jan Springer commented:
If he is not going to use BGP along with the knobs to tweak outbound traffic and doesn't want an expensive device to determine best path but wants to leverage the bandwidth he already has, load balancing is a good option.

The only other real option that I see (and this presumes an intelligent device) is QoS, marking the LAN traffic and prioritizing that traffic over other traffic.

wlandymore (Author) commented:
I don't need two devices in this case because it's just to speed up traffic going to the outside world. And yes, you can get WAN acceleration without using a pair of hardware devices. Riverbed actually claims that they can do this with just one device. But since Riverbed is about 20,000/per device that's not really in the price range.
I'm looking at webfilters, etc. to see if I can limit the sites and things that are soaking it up, but I would also like to know if there is something out there LIKE WAN acceleration that can speed up ALL outbound traffic to the internet.

giltjr commented:
Which Riverbed device are you looking at?  

Yes, there are some devices that can accelerate SOME WAN traffic without installing pairs.  They are generally limited to HTTP protocols though.

Devices that "accelerate" the traffic don't speed up how fast the data goes over the WAN. They reduce the amount of data that flows over the WAN. They do this by various methods, such as data compression. However, to use a single device means that you have to be using protocols where the client/server allow for compressed data normally.

Examples:

Web browsers allow for content to be statically or dynamically compressed using gzip or deflate. So you can install a product that does gzip/deflate compression for HTTP traffic. Riverbed has their Web Application Accelerator that would fall into this category.

CIFS/Samba does not allow for data to be dynamically or statically compressed. So if you are doing file sharing over a WAN you can't install a single box that could reduce the amount of data being sent over the WAN. You have to install a pair of boxes. One on each side. One that compresses the data and one that de-compresses the data. Riverbed has their Wide Area File Services device that falls into this category.

There is NO device on the market that, installed by itself, will "accelerate" ALL traffic. Some applications (POP, SMTP for example) do not allow for compression of data, so there is nothing that can be done by one box that would be able to accelerate this type of traffic.

wlandymore (Author) commented:
It's more like bandwidth management I guess. I'm looking for a device that can prioritize traffic to certain locations and based on what kind of application/protocol is being used.

For example, if I want to shut down iTunes for everyone but two users, I can allow iTunes traffic through for those two but it limits everyone else to nothing or a set limit. Then if I want to have a 'pipe' so that traffic out to a certain site is prioritized and goes through quickly, it can.

Hope that's more clear.  

Jan Springer commented:
I still think the FatPipe can do some or most of what you are trying to accomplish.  Or access-lists on the router (if you can do that).

giltjr commented:
Some firewalls can limit bandwidth based on protocol. As _jesper_ stated you can use access-lists on a router, now not all routers will support that.

If your firewall/router does not support this, then you need to get something that is "inline" between the users and the outside world. You could do this for free with GNU/Linux Kernel 2.6, two NICs, and use tc commands for bandwidth shaping.
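
The Linux `tc` approach mentioned in the comment above, sketched as an added example that is not part of the original thread: HTB classes on the WAN-facing NIC of an inline box, classifying by IP address only. The interface name, link rate, addresses and the 60/30/10 split are constructed assumptions, and the box is assumed to route or bridge without NAT so that LAN source addresses are still visible on that NIC.

```shell
#!/bin/sh
# Added example (not from the thread): HTB egress shaping with tc on the
# WAN-facing NIC of an inline Linux box. Interface, rates and addresses are
# constructed placeholders. Default is a dry run that prints each command;
# run as root with TC=tc to apply them.
TC="${TC:-echo tc}"

# shape_egress DEV LINK_KBIT PRIORITY_DST EXEMPT_SRC...
# LINK_KBIT should be slightly below the real uplink so queuing happens here.
shape_egress() {
    dev=$1; link=$2; prio_dst=$3; shift 3
    hi=$((link * 60 / 100))    # guaranteed share for the priority destination
    mid=$((link * 30 / 100))   # guaranteed share for the exempt LAN hosts
    low=$((link * 10 / 100))   # guaranteed share for everything else

    # Root HTB qdisc; packets that match no filter fall into class 1:30.
    $TC qdisc add dev "$dev" root handle 1: htb default 30
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate "${link}kbit" ceil "${link}kbit"

    # Child classes may borrow idle bandwidth up to ceil; lower prio is served first.
    $TC class add dev "$dev" parent 1:1 classid 1:10 htb rate "${hi}kbit" ceil "${link}kbit" prio 0
    $TC class add dev "$dev" parent 1:1 classid 1:20 htb rate "${mid}kbit" ceil "${link}kbit" prio 1
    $TC class add dev "$dev" parent 1:1 classid 1:30 htb rate "${low}kbit" ceil "${link}kbit" prio 2

    # Fair queuing inside each class so one flow cannot starve the others.
    for c in 10 20 30; do
        $TC qdisc add dev "$dev" parent "1:$c" handle "$c:" sfq perturb 10
    done

    # Classify by IP only: tc sees addresses and ports, not the program behind them.
    $TC filter add dev "$dev" parent 1: protocol ip prio 1 u32 match ip dst "$prio_dst" flowid 1:10
    for src in "$@"; do
        $TC filter add dev "$dev" parent 1: protocol ip prio 2 u32 match ip src "$src" flowid 1:20
    done
}

# Dry run with constructed values: 10 Mbit/s uplink, one priority site, two exempt users.
shape_egress eth1 10000 203.0.113.10/32 192.0.2.21/32 192.0.2.22/32
```

Because the filters match addresses only, traffic from other programs that tunnel over port 80 still lands in the default class unless its endpoints are known.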

wlandymore (Author) commented:
firewall/router not an option
I'll look at the FatPipe. It would have to be something along that tangent....

wlandymore (Author) commented:
I took a look at the FatPipe but it seemed to be more about link redundancy than anything else. I need something where you can allocate bandwidth to certain applications, etc. but only for outgoing traffic - not to a specific endpoint on a WAN.

Is there no hardware appliance out there for that?

Jan Springer commented:
Other than QoS on a switch, I'm not familiar with any specific product.

Jan Springer commented:
One other thought, I have done rate-limiting with access-lists on Cisco routers by defining the max amount of bandwidth that a particular application can use. Not as good as QoS but you would be guaranteeing a specified amount for, for example, http traffic.

wlandymore (Author) commented:
on the surface that would be good, but it would have to be something at the application level because if you end up saying you want 50% of your bandwidth to go to port 80 you would have things like Morpheus, BitTorrent, iTunes, MSN, that all seem to be able to go over port 80 in the event of something trying to stop them, soaking up bandwidth.
If it was an application level solution you could tell it to just drop all of those things and only allow HTTP through.
That's what I'm looking for.

giltjr commented:
--> something at the application level

There is a BIG problem. From the network's point of view a service is an application, so port 80 is the application. It (the network) does not know, nor does it care about the "program" using that "application/service." From the network's point of view, Morpheus, BitTorrent, iTunes, etc. are considered content when using port 80, not an application.

I know that Squid can do bandwidth throttling by scanning for the attachment HTTP header and then limiting bandwidth based on the file name in this header.  However I am not sure how those other programs work, so I don't know if it (or any other product) can do what you are asking.

The only thing you could do is limit traffic based on the "outside" IP address and port 80.

You would have to get something that examines the actual data content for all packets dealing with port 80 and then try and figure out what that packet is.  Now there could be some software/devices that have this smarts built into them already.

Jan Springer commented:
Actually,

I use NBAR in conjunction with access-lists for rate-limiting to avoid the problem that you mention above.

wlandymore (Author) commented:
yeah, I'm talking about the signature of the application that is running through the port. Exinda would do something like that but I don't like the fact that Exinda only does port 80 and that's it. I like the way things like Riverbed will do all TCP traffic, but those devices have too much to offer for a project like this.

I want something as simple as the Exinda box with just a little more functionality.

wlandymore (Author) commented:
Squid looks pretty close. Is that hardware or software?

wlandymore (Author) commented:
software

wlandymore (Author) commented:
just doesn't have the possibility of limiting certain applications based on IP, etc. Just proxy server to improve web, etc.

giltjr commented:
Actually can limit rate based on IP address,

Here is an article that shows how to use delay pools:

http://www.enterpriseitplanet.com/networking/features/article.php/3374261

You can find more by searching on Squid Delay Pools.  Now in order to use delay pools you do need to know the remote IP address.  In fact for any type of rate limiting you really should know the IP addresses you want to limit.